Fragmented cybersecurity regulation threatens organizations

Organizations across the United States have a number of cybersecurity regulations to comply with, and need to show that they take protection of sensitive data seriously.

Consumer data in the US is currently protected by a patchwork of industry-specific, federal, and state laws, the scope and jurisdiction of which vary. The challenge of compliance for organizations that conduct business across all 50 states is considerable.

“Increased regulatory fragmentation unduly diverts focus and resources, and ultimately threatens to make us more vulnerable to cyber attacks. Instead of a fractured approach by state, we need a coordinated national strategy for regulating cybersecurity.”

For example, NY financial institutions will be required to implement security measures in order to protect themselves against cyber attacks from March 1, 2017. They will need to not only maintain a cybersecurity policy and program, appoint a CISO, and implement risk assessment controls and an incident response plan, they will also have to provide regular cybersecurity awareness training, conduct penetration testing, and identify vulnerabilities.